Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 4eb5660c52a5966374c9d810550e3ae0069bd50f^! / . / microdroid / sepolicy / system / public / runas.te
commit4eb5660c52a5966374c9d810550e3ae0069bd50f[log] [tgz]
authorInseob Kim <inseob@google.com>Fri Jul 09 15:51:12 2021 +0900
committerInseob Kim <inseob@google.com>Tue Jul 13 14:06:58 2021 +0900
tree11a87447d96b7949e5da2a64cd76aa1271f897b1
parent32ea89af9e9846a9865d85389bed271423b173a7 [diff] [blame]
Leave minimal sepolicy for microdroid

Steps taken:

1) Grab remaining types in contexts files.
2) Leave such types and remove all other types.
3) Set attributes, according to system/etc/selinux/plat_sepolicy.cil.
4) Repeat booting and adding missing types, rules, and attributes.
5) Organize types and allow rules.

Bug: 191131624
Test: atest MicrodroidHostTestCases
Change-Id: I1302701f67e61795474c667e8e6094d67912eea0

diff --git a/microdroid/sepolicy/system/public/runas.te b/microdroid/sepolicy/system/public/runas.te
index 356a019..4d8a6b3 100644
--- a/microdroid/sepolicy/system/public/runas.te
+++ b/microdroid/sepolicy/system/public/runas.te

@@ -1,43 +1,2 @@
-type runas, domain, mlstrustedsubject;
-type runas_exec, system_file_type, exec_type, file_type;
-
-allow runas adbd:fd use;
-allow runas adbd:process sigchld;
-allow runas adbd:unix_stream_socket { read write };
-allow runas shell:fd use;
-allow runas shell:fifo_file { read write };
-allow runas shell:unix_stream_socket { read write };
-allow runas devpts:chr_file { read write ioctl };
-allow runas shell_data_file:file { read write };
-
-# run-as reads package information.
-allow runas system_data_file:file r_file_perms;
-allow runas system_data_file:lnk_file getattr;
-allow runas packages_list_file:file r_file_perms;
-
-# The app's data dir may be accessed through a symlink.
-allow runas system_data_file:lnk_file read;
-
-# run-as checks and changes to the app data dir.
-dontaudit runas self:global_capability_class_set { dac_override dac_read_search };
-allow runas app_data_file:dir { getattr search };
-
-# run-as switches to the app UID/GID.
-allow runas self:global_capability_class_set { setuid setgid };
-
-# run-as switches to the app security context.
-selinux_check_context(runas) # validate context
-allow runas self:process setcurrent;
-allow runas non_system_app_set:process dyntransition; # setcon
-
-# runas/libselinux needs access to seapp_contexts_file to
-# determine which domain to transition to.
-allow runas seapp_contexts_file:file r_file_perms;
-
-###
-### neverallow rules
-###
-
-# run-as cannot have capabilities other than CAP_SETUID and CAP_SETGID
-neverallow runas self:global_capability_class_set ~{ setuid setgid };
-neverallow runas self:global_capability2_class_set *;
+type runas, domain, mlstrustedsubject, coredomain;
+type runas_exec, file_type, exec_type, system_file_type;